by r0t,der4444,cembo,VietMafia

Saturday, December 17, 2005

Baseline CMS vuln.

Vuln. discovered by: r0t
Date: 17 Dec. 2005
Vendor: http://www.nma.ca/
Affected version: 1.95 and prior

Product Description:

Baseline CMS is a powerful, web-based content management system that gives you a fast, easy way to update your website - without having to call a webmaster or learn a programming language. Baseline CMS is an investment in technology that will provide a long-term, highly versatile communication channel with low maintenance costs.

Vuln. Description:

1. XSS
Baseline CMS contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "PageID" and "SiteNodeID" parameters in "Page.asp" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

2. SQL inj.
Baseline CMS contains a flaw that allows remote SQL injection attacks. Input passed to the "SiteNodeID" parameter in "Page.asp" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:

/Page.asp?PageID=[XSS]
/Page.asp?PageID=1&SiteNodeID=[XSS]
/Page.asp?PageID=1&SiteNodeID=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
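
One way to apply this fix in a classic ASP page, as an added example and not Baseline CMS's own code. Only the PageID and SiteNodeID parameter names come from the advisory; the Pages table, its columns and the Application("ConnString") setting are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (normally supplied by adovbs.inc)
Const adInteger = 3
Const adParamInput = 1
Const adCmdText = 1

' Accept only a plain non-negative integer of up to 9 digits; anything else yields -1.
' Repeated parameters arrive comma-joined and are rejected by the pattern as well.
Function ReadId(name)
    Dim raw, re
    raw = Trim(Request.QueryString(name) & "")
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then
        ReadId = CLng(raw)
    Else
        ReadId = -1
    End If
End Function

Dim pageId, siteNodeId, conn, cmd, rs
pageId = ReadId("PageID")
siteNodeId = ReadId("SiteNodeID")

If pageId < 0 Or siteNodeId < 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid page reference."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' hypothetical connection string setting

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Hypothetical table and columns; the values are bound as parameters, never concatenated.
cmd.CommandText = "SELECT Title FROM Pages WHERE PageID = ? AND SiteNodeID = ?"
cmd.Parameters.Append cmd.CreateParameter("PageID", adInteger, adParamInput, , pageId)
cmd.Parameters.Append cmd.CreateParameter("SiteNodeID", adInteger, adParamInput, , siteNodeId)
Set rs = cmd.Execute

If Not rs.EOF Then
    ' Encode on output so any markup in the data is rendered as text.
    Response.Write "<h1>" & Server.HTMLEncode(rs("Title") & "") & "</h1>"
End If

rs.Close : conn.Close
%>
```

The integer check covers both issues for these two parameters, while the bound parameters and Server.HTMLEncode keep the query and the output safe for fields that cannot be restricted to numbers.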

1 Comments:

Anonymous Dave McKay told...

Version 2.0 (released in Jan 1006) does not have this issue and we have patched prior versions. Thanks for identifying this.

D. McKay
Vice-President
NMA

1:46 AM

 

Copyright (c) 2006 Pridels Sec Crew